1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
6 * The library is free for all purposes without any express
12 @file rsa_import_pkcs8.c
18 /* Public-Key Cryptography Standards (PKCS) #8:
19 * Private-Key Information Syntax Specification Version 1.2
20 * https://tools.ietf.org/html/rfc5208
22 * PrivateKeyInfo ::= SEQUENCE {
24 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
25 * privateKey PrivateKey,
26 * attributes [0] IMPLICIT Attributes OPTIONAL }
28 * - Version ::= INTEGER
29 * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
30 * - PrivateKey ::= OCTET STRING
31 * - Attributes ::= SET OF Attribute
33 * EncryptedPrivateKeyInfo ::= SEQUENCE {
34 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
35 * encryptedData EncryptedData }
37 * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
38 * - EncryptedData ::= OCTET STRING
42 Import an RSAPublicKey or RSAPrivateKey in PKCS#8 format
43 @param in The packet to import from
44 @param inlen It's length (octets)
45 @param passwd The password for decrypting privkey (NOT SUPPORTED YET)
46 @param passwdlen Password's length (octets)
47 @param key [out] Destination for newly imported key
48 @return CRYPT_OK if successful, upon error allocated memory is freed
50 int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
51 const void *passwd, unsigned long passwdlen,
56 unsigned char *buf1 = NULL, *buf2 = NULL;
57 unsigned long buf1len, buf2len;
58 unsigned long oid[16];
60 ltc_asn1_list alg_seq[2], top_seq[3];
61 ltc_asn1_list alg_seq_e[2], key_seq_e[2], top_seq_e[2];
62 unsigned char *decrypted = NULL;
63 unsigned long decryptedlen;
65 LTC_ARGCHK(in != NULL);
66 LTC_ARGCHK(key != NULL);
67 LTC_ARGCHK(ltc_mp.name != NULL);
70 err = pk_get_oid(PKA_RSA, &rsaoid);
71 if (err != CRYPT_OK) { goto LBL_NOFREE; }
74 buf1len = inlen; /* approx. */
75 buf1 = XMALLOC(buf1len);
76 if (buf1 == NULL) { err = CRYPT_MEM; goto LBL_NOFREE; }
77 buf2len = inlen; /* approx. */
78 buf2 = XMALLOC(buf2len);
79 if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; }
82 err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, &zero, &iter, NULL);
83 if (err != CRYPT_OK) { goto LBL_FREE2; }
85 /* try to decode encrypted priv key */
86 LTC_SET_ASN1(key_seq_e, 0, LTC_ASN1_OCTET_STRING, buf1, buf1len);
87 LTC_SET_ASN1(key_seq_e, 1, LTC_ASN1_INTEGER, iter, 1UL);
88 LTC_SET_ASN1(alg_seq_e, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
89 LTC_SET_ASN1(alg_seq_e, 1, LTC_ASN1_SEQUENCE, key_seq_e, 2UL);
90 LTC_SET_ASN1(top_seq_e, 0, LTC_ASN1_SEQUENCE, alg_seq_e, 2UL);
91 LTC_SET_ASN1(top_seq_e, 1, LTC_ASN1_OCTET_STRING, buf2, buf2len);
92 err=der_decode_sequence(in, inlen, top_seq_e, 2UL);
93 if (err == CRYPT_OK) {
94 LTC_UNUSED_PARAM(passwd);
95 LTC_UNUSED_PARAM(passwdlen);
96 /* XXX: TODO encrypted pkcs8 not implemented yet */
97 /* fprintf(stderr, "decrypt: iter=%ld salt.len=%ld encdata.len=%ld\n", mp_get_int(iter), key_seq_e[0].size, top_seq_e[1].size); */
98 err = CRYPT_PK_INVALID_TYPE;
102 decrypted = (unsigned char *)in;
103 decryptedlen = inlen;
106 /* try to decode unencrypted priv key */
107 LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
108 LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL);
109 LTC_SET_ASN1(top_seq, 0, LTC_ASN1_INTEGER, zero, 1UL);
110 LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL);
111 LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, buf1, buf1len);
112 err=der_decode_sequence(decrypted, decryptedlen, top_seq, 3UL);
113 if (err != CRYPT_OK) { goto LBL_ERR; }
116 if ((alg_seq[0].size != rsaoid.OIDlen) ||
117 XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) {
118 err = CRYPT_PK_INVALID_TYPE;
122 err = der_decode_sequence_multi(buf1, top_seq[2].size,
123 LTC_ASN1_INTEGER, 1UL, zero,
124 LTC_ASN1_INTEGER, 1UL, key->N,
125 LTC_ASN1_INTEGER, 1UL, key->e,
126 LTC_ASN1_INTEGER, 1UL, key->d,
127 LTC_ASN1_INTEGER, 1UL, key->p,
128 LTC_ASN1_INTEGER, 1UL, key->q,
129 LTC_ASN1_INTEGER, 1UL, key->dP,
130 LTC_ASN1_INTEGER, 1UL, key->dQ,
131 LTC_ASN1_INTEGER, 1UL, key->qP,
132 LTC_ASN1_EOL, 0UL, NULL);
133 if (err != CRYPT_OK) { goto LBL_ERR; }
134 key->type = PK_PRIVATE;
141 mp_clear_multi(iter, zero, NULL);
149 #endif /* LTC_MRSA */
151 /* ref: $Format:%D$ */
152 /* git commit: $Format:%H$ */
153 /* commit time: $Format:%ai$ */